Skills
skills/zephyrwang6/myskill/blog-post-writer/Gen Agent Trust Hub

blog-post-writer

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted user data in the form of thoughts, articles, and links, which presents a surface for indirect prompt injection attacks.
  • Ingestion points: User input is received in the first step of the workflow defined in SKILL.md.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are present in the prompt instructions.
  • Capability inventory: The skill has the capability to perform external network requests (via the image generation script) and local file system write operations.
  • Sanitization: No sanitization or validation of external content is performed before processing.
  • [EXTERNAL_DOWNLOADS]: The script scripts/generate_image_seedream.py makes a network request to the external domain api.gptnb.ai to generate images based on prompts.
  • [COMMAND_EXECUTION]: The skill is instructed to create new files on the local file system (e.g., 标题.md) to save the generated blog posts.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 12:29 PM